Image upload failing - anyone see why?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Image upload failing - anyone see why?

Post by simonmlewis »

I've done this so many times, but for some reason it's not seeing $photo.
I've tried various scripts, but it seems not to let me upload anything at all.

Code: Select all

// ADD AVATAR
  if ($update == "addavatar") {
$photo = isset($_FILES['photo']) ? $_FILES['photo'] : null;
$sizechange=filesize($_FILES['photo']['tmp_name']);
if ($sizechange > 400000)
{
	$photo = NULL;
	     echo " <script>
  window.location.replace('/profile=status=error')
  </script>";
}
else
{
    $target = $_SERVER['DOCUMENT_ROOT']."/images/avatars/";
    
  $random = (rand()%99999999);
  $pic=($_FILES['photo']['name']);
  $pic = str_replace(' ', '-', $pic);
  $newname="$random"."$pic";
  $target = $target . $newname;

    mysql_query("UPDATE admin SET avatar = '$newname' WHERE id = '$userid'");
  //Writes the photo to the server
  if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
    {
     echo " <script>
  window.location.replace('/profile')
  </script>";
    }    
    }
}	


echo "<form method='POST' action='/profile' enctype='multipart/form-data' name='photo'>
<input type='hidden' name='update' value='addavatar'>
Upload a new Avatar:<Br/>
<input type='file' name='photo'><br/>
<input type='submit' value='Upload' class='submit_generic'>
</form>";
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Image upload failing - anyone see why?

Post by requinix »

Well, $photo isn't actually being used anywhere, so there's that...

What do you mean "not seeing $photo"?

And are you aware your script has two huge vulnerabilities: not only are you open to SQL injection, but someone could upload PHP scripts to your site - possibly overwriting other PHP files.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: Image upload failing - anyone see why?

Post by simonmlewis »

I was taking it back to basics to see why it wasn't working.

This is the one I am intending to use, which only allows certain files.

But the same problems remains. On the live version, we'd use PDO for the INSERT.

Code: Select all

if ($update == "addavatar") {
$avatar=$_POST['avatar'];
error_reporting(0);
$change="";
$abc="";

 define ("MAX_SIZE","400");
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

 $errors=0;
  
 if($_SERVER["REQUEST_METHOD"] == "POST")
 {
 	$image =$_FILES["avatar"]["name"];
	$uploadedfile = $_FILES['avatar']['tmp_name'];    
 
 	if ($image) 
 	{
 	
 		$filename = stripslashes($_FILES['avatar']['name']);
 	
  		$extension = getExtension($_FILES['avatar']['name']);
 		$extension = strtolower($extension);
		
		
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
 		{
		
 			$change='<div class="msgdiv">Unknown Image extension </div> ';
 			$errors=1;
 		}
 		else
 		{

 $size=filesize($_FILES['avatar']['tmp_name']);


if ($size > MAX_SIZE*1024)
{
	$change='<div class="msgdiv">You have exceeded the size limit!</div> ';
	$errors=1;
}


if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['avatar']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);

}
else if($extension=="png")
{
$uploadedfile = $_FILES['avatar']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);

}
else 
{
$src = imagecreatefromgif($uploadedfile);
}

echo $scr;

list($width,$height)=getimagesize($uploadedfile);

$tmp=imagecreatetruecolor($width,$height);

$newwidth=550;
$newheight=($height/$width)*$newwidth1;
$tmp=imagecreatetruecolor($newwidth1,$newheight1);

imagecopyresampled($tmp,$src,0,0,0,0,$width,$height,$width,$height);

$pic=($_FILES['avatar']['name']);
srand(time());
$random = (rand()%99999999);
$newname="$random"."$pic";

$filename = "images/avatars/". $newname;

imagejpeg($tmp,$filename,100);

imagedestroy($src);
imagedestroy($tmp);
}}
}

$result = mysql_query ("SELECT avatar FROM admin WHERE id = '$userid'");
while ($row = mysql_fetch_object($result))
{
  mysql_query("UPDATE admin SET avatar = '$newname' where id = '$userid'");
}
//Writes the photo to the server
if(move_uploaded_file($_FILES['avatar']['tmp_name'], $target))
{
  echo "<div class='admincompletedbox' style='margin-top: 5px'>
		<b>Primary photo has been added.</b></div>";
}
}
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: Image upload failing - anyone see why?

Post by simonmlewis »

What seems to be happening is that $newname never has anything in it. The file doesn't seem to be being processed at all.
Yet on another page I used for replacing images for a product, it works.
This is the same code! Just different variable names. Very odd.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Image upload failing - anyone see why?

Post by Celauran »

If you've got code that's not working and you can't figure out why,

Code: Select all

 error_reporting(0);
that's not doing you any favours.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: Image upload failing - anyone see why?

Post by simonmlewis »

Notice: Undefined index: avatar in C:\xampp\phpMyAdmin\site-custom\includes\profile.inc on line 43

Notice: Undefined index: avatar in C:\xampp\phpMyAdmin\site-custom\includes\profile.inc on line 44

Notice: Undefined variable: newname in C:\xampp\phpMyAdmin\site-custom\includes\profile.inc on line 124

Notice: Undefined index: avatar in C:\xampp\phpMyAdmin\site-custom\includes\profile.inc on line 127

Notice: Undefined variable: target in C:\xampp\phpMyAdmin\site-custom\includes\profile.inc on line 127

I now see this, but it's the same code that we use elsewhere that works.
It's as though this form isn't posting the info!
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Image upload failing - anyone see why?

Post by Celauran »

The snippet above contains no form and I can't rely on line numbers because there are fewer lines in the above snippet than the line numbers causing the errors.

That said, $newname is only defined inside your

Code: Select all

if($_SERVER["REQUEST_METHOD"] == "POST")
block, but you then reference it outside the block here

Code: Select all

mysql_query("UPDATE admin SET avatar = '$newname' where id = '$userid'");
Exact same situation for $target.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Image upload failing - anyone see why?

Post by Celauran »

Also, and unrelatedly,this

Code: Select all

function getExtension($str) {
    $i = strrpos($str,".");
    if (!$i) { return ""; }
    $l = strlen($str) - $i;
    $ext = substr($str,$i+1,$l);
    return $ext;
}
is built into the language. See http://php.net/manual/en/function.pathinfo.php
Post Reply